Remote working, cyber attacks biggest data protection threats facing Irish organisations
2 February 2021 | 0
Remote working and the threat of cyber-attacks are the number one data protection concern for 65% of Irish companies in 2021. This is according to a new survey from the Association of Compliance Officers Ireland (ACOI) that sought to understand the current data protection risks facing companies – 85% of whom have more than 75% of their workforce currently working from home.
The survey of more than 250 organisations, answered by ACOI members with responsibility for compliance in financial organisations throughout the country, revealed that the mobile workforce arrangements, necessitated by the pandemic since last year, have left employers feeling increasingly vulnerable to data protection breaches.
“It’s abundantly apparent from this survey that remote working is a major issue facing firms this year when it comes to data protection, with 34% of businesses voicing their concerns around the risks associated with it,” said Michael Kavanagh, CEO of ACOI. “Given how intertwined the two things are it is perhaps unsurprising that risk of cyber-attack was cited by 31% of respondents as the biggest concern. Indeed, the two are not mutually exclusive, with remote working increasing organisations’ vulnerability to attacks.
“85% of our respondents have more than 75% of their workforce out of the office at the moment and while the survey suggests that the remote working landscape will certainly not look the same in 12 months, it is clear that the intricacies of having a national mobile workforce is something that all organisations will have to consider, both now and into the future, as flexibility around where people carry out their various roles becomes a key feature of modern day business.”
Remote working risk
The ACOI report that in the last 12 months many organisations have had to reassess their data security systems to adapt to new levels of cyber risk to internal assets and data, and urge that any that have yet to do so, need to move with some immediacy to rise to the data protection challenges of an off-site workforce. When asked ifthe risk of cyber-attack hasbecome a greater consideration since the redeployment of staff to home-based working, 89% of respondents said it has, to varying degrees.
Kavanagh continued: “Redeploying employees to work from home has ‘considerably’ increased risk for 37% of organisations, while 52% said it had increased risks ‘a little’. What’s interesting is that when we asked the same question last year 10% fewer organisations felt the risk had increased ‘considerably’. This would suggest that the recognition of, appreciation for, and experience of, risk is growing.
“The context for cybercrime and cyber-attack in Ireland is constantly evolving. PWC’s Irish Economic Crime Survey 2020 found that 69% of firms in Ireland have experienced cybercrime in the last 24 months, and that the incidence of cybercrime in Ireland (69%) is double that experienced by global companies (34%). The report also outlines that Ireland is now Europe’s largest data hosting cluster, putting the need for elevated cybercrime and data protection systems into sharp focus.”
The ACOI advise that regulators in Ireland and around the world constantly update and issue new guidance to firms in response to emerging cyber security issues, such as fake documentation, the reliability of information sources, and data privacy and protection. While the level of risk varies according to the sector, it is widely accepted among the financial services sector that Covid-19 has led to heightened risks in relation to money laundering and cyber-attacks.
Detect and protect
Kavanagh explained that there are ways for compliance professionals to detect and mitigate the increasing level of risk from cyber-crime that the business world is seeing.
“Whether it’s keeping your software and security systems up to date, running regular checks, or introducing more complex processes such as two-step authentication to your transactions and communications, there are small steps that businesses can take that will help detect and protect them from cyberthreats. However, a combination of technology and human resources will always be the best approach to maintaining cyber-safe and secure working practices and operational environments.”
Is this an area of interest? Tailored training for IT Professionals
The Irish Computer Society provides members with the necessary qualifications, skills and training needed to succeed and excel within the profession.
Upcoming courses which may be of interest include:
- Certificate in Business Analysis – offers academic accreditation for business analysts through the use of proven business analysis techniques. Up to 100% funding available.
- European Certified Data Protection Officer (ECDPO) – This programme has been designed to equip Data Protection Officers with the necessary skills and competencies to meet and maintain all aspects of data protection compliance.
- CDPP – Certified Data Protection Practitioner – Be confident that your organisation’s policies and procedures are legally compliant with data protection legislation by completing Ireland’s first certified data protection practitioner programme.